Let's Encrypt/DuckDNS/Hass.io error

did you try to take out 80 and 443 in the box below (NETWORK and then click save, both should have NULL), like that when you click START the add-on starts (maybe put also AUTO BOOT)

I did and like this after a minute you get something from the log


  • The following errors were reported by the server:
    Domain: xxx.duckdns.org
    Type: connection
    Detail: Timeout
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

TADA!! It works,

This is what I did

cancel 80 in NETWORK and left 443 and click save. Then I click START the addon
port forwarded in router from 443 to 8123 of IP of pi3

in config

  # Uncomment this to add a password (recommended!)
  api_password: !secret api_password
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  base_url: xxx.duckdns.org

restarted home assistant. Now it works

Err…this is the new DuckDNS add-on, doesn’t need the LetsEncrypt one, kind of the whole point.

Presumably this is in the LetsEncrypt add-on which you shouldn’t need as nothing like that in the duckDNS one?

Ahh ok, I see. Well my settings works now. Then maybe is just the port forwarding added that did th trick, not sure

If you add 8123 to the base url you supposedly shouldn’t need the port forward on the router!

Mmhh I think I tried that combination and wasn’t working.

Anyway is working now, I don’t mind keeping the settings of the router with the port forward

Don’t know whether it was anything to do with the 0.55 update last night but tried all my variations again this morning and with the combo of base_url without the port number and 443 forwarded to 8123 on the router, like @anon35356645, it suddenly decided to work this time.

Externally, the url is https://xxxxx.duckdns.org with no port, and internally it’s https://xxx.xxx.x.xxx:8123 though Chrome still isn’t happy and doesn’t want to load the page unless you force it and flags the page as below…

Only definite difference from my previous attempts was the 0.55 update that included the duckdns component though no reports that it should have any effect on this separate add-on, but heh, it now works!

Will submit the important bits for changes to the component page, once I’ve worked out exactly what they are, now I know how thanks to @Danielhiversen, so hopefully this process will become as “effortless” as it was sold :rofl:

it worked for me with 0.54

for me both internally and externally works with


I know but not for me :slight_smile:

Indeed, but why would you access your own network via the outside world if you’re already on it :slight_smile:

In my android app to have only one link (not two) that will work either with local WiFI and 3G. Same with Laptop. For desktop … because I am lazy :smile:

Fair comment :+1:

On from this morning’s success, if you add 8123 to the base_url you can indeed get rid of the port forward on your router.

@anon35356645, from your posts on other subjects I’m assuming your first hass.io version was 0.54? I went all in on the first version so am wondering if I’ve been carrying a bit of duff code (or maybe corruption) that may well have been right in later versions from scratch but didn’t get corrected on update until it overwrote 0.55. Only guessing obviously but it really didn’t work with EXACTLY the same input as before the update.

Have fixed all the other settings that were pointing at the non https version apart from the HASS Configurator add-on which I can’t get to load in the HA front end so far :frowning:

Correct, first Hassio 0.54

It works well for me, this in option

“homeassistant_api”: “https://xxx.duckdns.org/api”,
“homeassistant_password”: “hasspassword”,
“username”: “admin”,
“password”: “otherpass”,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”,
“ssl”: true,
“allowed_networks”: [
“banned_ips”: [
“ignore_pattern”: [

Thanks, I was overthinking it and got hung up on putting the /ssl before the certificate and key files as per the HA config :blush:

The left hand panel in the configurator, the trigger and entities etc bit, isn’t working properly though which is down to the api address, neither internal or external address makes any difference. Is your’s working OK?

So I tried it again after updating to 0.55, same issue as before. These are the steps I’m taking:

  1. Setup an account at DuckDNS.org and add a domain.
  2. Install the DuckDNS add-on and modify the “Options” section to look like this:
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  "token": "mytokenhere",
  "domains": [
  "seconds": 300
  1. Start DuckDNS and everything appears to be working fine in the DuckDNS logs.
  2. Add the following to my configuration file:
  api_password: !secret http_password
  base_url: mydomainhere.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  1. Restart Home Assistant.

I can access Home Assistant using https://hassio.local:8123 and it gives me the error about not having a private connection, etc. (as expected). If I try to access https://mydomainhere.duckdns.org using my phone (different network), it just sits there and eventually says “Safari cannot open the page because it could not establish a secure connection to the server.”

Edit: So I forwarded 443 to 8123 and now it seems to be working. I thought the whole point of this new method was so that we didn’t have to forward any ports. My firewall picked up me trying to access Hassio remotely from my mobile web browser. However, when I accessed Hassio from the HA iOS app, my firewall detected some random IP (different than my mobile device) trying to access my RPi3. Not sure if that’s normal… I’m obviously keeping it blocked for now and I’m still able to have full functionality with my HA iOS app.

The IP address in question is which is blacklisted.

Edit 2: Firewall is picking up more activity now from Russia ( which is also blacklisted. I’m turning DuckDNS off. Clearly there’s someone probably just doing a mass scan on duckdns.org addresses and attempting to hack whatever they can find.